Information on source package samba

Available versions

Release           Version
squeeze, squeeze  2:3.5.6~dfsg-3squeeze11
wheezy, wheezy    2:3.6.6-6+deb7u2
jessie            2:4.1.6+dfsg-1
sid               2:4.1.7+dfsg-1

Open issues

Bug            squeeze     wheezy      jessie      sid         Description
CVE-2012-6150  vulnerable  vulnerable  fixed       fixed       The winbind_name_list_to_sid_string_list function in ...
CVE-2013-4496  vulnerable  vulnerable  fixed       fixed       Samba 3.x before 3.6.23, 4.0.x before 4.0.16, and 4.1.x before 4.1.6 ...

Open unimportant issues

Bug            squeeze     wheezy      jessie      sid         Description
CVE-2010-1635  vulnerable  vulnerable  vulnerable  vulnerable  The chain_reply function in process.c in smbd in Samba before 3.4.8 ...
CVE-2010-1642  vulnerable  vulnerable  vulnerable  vulnerable  The reply_sesssetup_and_X_spnego function in sesssetup.c in smbd in ...

Resolved issues

Bug            Description
CVE-2002-1318  Buffer overflow in samba 2.2.2 through 2.2.6 allows remote attackers ...
CVE-2002-2196  Samba before 2.2.5 does not properly terminate the ...
CVE-2003-0085  Buffer overflow in the SMB/CIFS packet fragment re-assembly code for ...
CVE-2003-0086  The code for writing reg files in Samba before 2.2.8 allows local ...
CVE-2003-0196  Multiple buffer overflows in Samba before 2.2.8a may allow remote ...
CVE-2003-0201  Buffer overflow in the call_trans2open function in trans2.c for Samba ...
CVE-2003-1332  Stack-based buffer overflow in the reply_nttrans function in Samba ...
CVE-2004-0082  The mksmbpasswd shell script (mksmbpasswd.sh) in Samba 3.0.0 and ...
CVE-2004-0186  smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid, ...
CVE-2004-0600  Buffer overflow in the Samba Web Administration Tool (SWAT) in Samba ...
CVE-2004-0686  Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the ...
CVE-2004-0807  Samba 3.0.6 and earlier allows remote attackers to cause a denial of ...
CVE-2004-0808  The process_logon_packet function in the nmbd server for Samba 3.0.6 ...
CVE-2004-0815  The unix_clean_name function in Samba 2.2.x through 2.2.11, and 3.0.x ...
CVE-2004-0829  smbd in Samba before 2.2.11 allows remote attackers to cause a denial ...
CVE-2004-0882  Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x ...
CVE-2004-0930  The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other ...
CVE-2004-1154  Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x ...
CVE-2004-2546  Multiple memory leaks in Samba before 3.0.6 allow attackers to cause a ...
CVE-2006-1059  The winbindd daemon in Samba 3.0.21 to 3.0.21c writes the machine ...
CVE-2006-3403  The smdb daemon (smbd/service.c) in Samba 3.0.1 through 3.0.22 allows remote ...
CVE-2007-0452  smbd in Samba 3.0.6 through 3.0.23d allows remote authenticated users ...
CVE-2007-0453  Buffer overflow in the nss_winbind.so.1 library in Samba 3.0.21 ...
CVE-2007-0454  Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 ...
CVE-2007-2407  The Samba server on Apple Mac OS X 10.3.9 and 10.4.10, when Windows ...
CVE-2007-2444  Logic error in the SID/Name translation functionality in smbd in Samba ...
CVE-2007-2446  Multiple heap-based buffer overflows in the NDR parsing in smbd in ...
CVE-2007-2447  The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 ...
CVE-2007-4138  The Winbind nss_info extension (nsswitch/idmap_ad.c) in idmap_ad.so in ...
CVE-2007-4572  Stack-based buffer overflow in nmbd in Samba 3.0.0 through 3.0.26a, ...
CVE-2007-5398  Stack-based buffer overflow in the reply_netbios_packet function in ...
CVE-2007-6015  Stack-based buffer overflow in the send_mailslot function in nmbd in ...
CVE-2008-1105  Heap-based buffer overflow in the receive_smb_raw function in ...
CVE-2008-3789  Samba 3.2.0 uses weak permissions (0666) for the (1) group_mapping.tdb ...
CVE-2008-4314  smbd in Samba 3.0.29 through 3.2.4 might allow remote attackers to ...
CVE-2009-0022  Samba 3.2.0 through 3.2.6, when registry shares are enabled, allows ...
CVE-2009-1886  Multiple format string vulnerabilities in client/client.c in smbclient ...
CVE-2009-1888  The acl_group_override function in smbd/posix_acls.c in smbd in Samba ...
CVE-2009-2813  Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and ...
CVE-2009-2906  smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, ...
CVE-2009-2948  mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before ...
CVE-2010-0547  client/mount.cifs.c in mount.cifs in smbfs in Samba 3.4.5 and earlier ...
CVE-2010-0728  smbd in Samba 3.3.11, 3.4.6, and 3.5.0, when libcap support is ...
CVE-2010-0787  client/mount.cifs.c in mount.cifs in smbfs in Samba 3.0.22, 3.0.28a, ...
CVE-2010-0926  The default configuration of smbd in Samba before 3.3.11, 3.4.x before ...
CVE-2010-2063  Buffer overflow in the SMB1 packet chaining implementation in the ...
CVE-2010-3069  Stack-based buffer overflow in the (1) sid_parse and (2) dom_sid_parse ...
CVE-2011-0719  Samba 3.x before 3.3.15, 3.4.x before 3.4.12, and 3.5.x before 3.5.7 ...
CVE-2011-1678  smbfs in Samba 3.5.8 and earlier attempts to use (1) mount.cifs to ...
CVE-2011-2522  Multiple cross-site request forgery (CSRF) vulnerabilities in the ...
CVE-2011-2694  Cross-site scripting (XSS) vulnerability in the chg_passwd function in ...
CVE-2011-2724  The check_mtab function in client/mount.cifs.c in mount.cifs in smbfs ...
CVE-2011-3585
CVE-2012-0817  Memory leak in smbd in Samba 3.6.x before 3.6.3 allows remote ...
CVE-2012-0870  Heap-based buffer overflow in process.c in smbd in Samba 3.0, as used ...
CVE-2012-1182  The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before ...
CVE-2012-2111  The (1) CreateAccount, (2) OpenAccount, (3) AddAccountRights, and (4) ...
CVE-2013-0172  Samba 4.0.x before 4.0.1, in certain Active Directory ...
CVE-2013-0213  The Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, ...
CVE-2013-0214  Cross-site request forgery (CSRF) vulnerability in the Samba Web ...
CVE-2013-0454  The SMB2 implementation in Samba 3.6.x before 3.6.6, as used on the ...
CVE-2013-4124  Integer overflow in the read_nttrans_ea_list function in nttrans.c in ...
CVE-2013-4408  Heap-based buffer overflow in the dcerpc_read_ncacn_packet_done ...
CVE-2013-4475  Samba 3.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x before 4.1.1, ...
CVE-2013-4476  Samba 4.0.x before 4.0.11 and 4.1.x before 4.1.1, when LDAP or HTTP is ...
CVE-2013-6442  The owner_set function in smbcacls.c in smbcacls in Samba 4.0.x before ...
TEMP-0514151-B17364  samba: Account locking out doesn't work with an LDAP backend

Security announcements

DSA         Description
DSA-2812-1  samba - several
DSA-2617-1  samba - several issues
DSA-2463-1  samba - missing permission checks
DSA-2450-1  samba - privilege escalation
DSA-2290-1  samba - cross-site scripting
DSA-2175-1  samba - missing input sanitising
DSA-2109-1  samba - buffer overflow
DSA-2061-1  samba - arbitrary code execution
DSA-2004-1  samba - several vulnerabilities
DSA-1908-1  samba - several vulnerabilities
DSA-1823-1  samba - several vulnerabilities
DSA-1590-1  samba - arbitrary code execution
DSA-1427-1  samba - buffer overflow
DSA-1409-3  samba - several vulnerabilities (update)
DSA-1409-2  samba - several vulnerabilities
DSA-1409-1  samba - several vulnerabilities
DSA-1291-2  samba
DSA-1257    samba
DSA-1110    samba - missing input sanitising
DSA-701-1   samba - integer overflows
DSA-600-1   samba - arbitrary file access
DSA-463     samba - privilege escalation
DSA-280     samba - buffer overflow
DSA-262     samba - remote exploit
DSA-200     samba - remote exploit
